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DETAILED ACTION 

This Office Action is in response to the application 10/696,495 filed on 02/09/2010. 
Claims 2, 10, 26, and 19 have been cancelled. 

Claims 1, 3, 4, 6, 9, 11-12, 14-15, 17-18, 20-25, and 27 have been amended. 
Claims 1, 3-9, 11-18, 20-25, and 27 have been examined and are pending. 
This Action is made FINAL. 

Response to Arguments 

Applicant's arguments, see page 11, filed 02/09/2010, with respect to the objection of 
claims 1, 15, 17, and 27 have been fully considered. The objection of claims 1, 15, 17, and 27 
has been withdrawn due to amendment. 

Applicant's arguments, see page 12, filed 02/09/2010, with respect to the 35 U.S.C. § 
1 12, 2 nd rejection of claims 1, 3-9, 11-18, and 20-25 have been fully considered. The 35 U.S.C. 
§1 12, 2 nd rejection of claims 1, 3-9, 11-18, and 20-25 has been withdrawn due to amendment. 

Applicant's arguments, see page 12, filed 02/09/2010, with respect to the 35 U.S.C. § 
1 12, 2 nd rejection of claim 27 have been fully considered and they are not persuasive. The 35 
U.S.C. § 1 12, 2 nd rejection of claim 27 is maintained for the following reasons: 

Regarding claim 27; the claim limitation "means for retrieving in secure, " "means for 
assembling, " "means for receiving, " "means for associating the unique chip with the received 
backup data package, " "means for storing the backup data package, " "means for associating a 
unique device identity with the unique chip identifier, " "means for signing the associated 
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unique device identity and unique chip identifier, " "means for storing the certificate" and 
"means for storing the unique device identity and the certificate in association with the backup 
data package " uses the phrase "means for" or "step for", but it is modified by some structure, 
material, or acts recited in the claim. It is unclear whether the recited structure, material, or acts 
are sufficient for performing the claimed function which would preclude application of 35 U.S.C. 
1 12, sixth paragraph, because the corresponding figure 1 and page 9, line 24 through page 15, 
line 24 of the original of the specification, just show steps to "means for retrieving in secure, " 
"means for assembling, " "means for receiving, " "means for associating the unique chip with 
the received backup data package, " "means for storing the backup data package, " "means for 
associating a unique device identity with the unique chip identifier, " "means for signing the 
associated unique device identity and unique chip identifier, " "means for storing the certificate " 
and "means for storing the unique device identity and the certificate in association with the 
backup data package; " the aforementioned flowcharts do not provide sufficient structure for 
performing claimed functions. 

If applicant wishes to have the claim limitation treated under 35 U.S.C. 1 12, sixth 
paragraph, applicant is required to amend the claim so that the phrase "means for" or "step for" 
is clearly not modified by sufficient structure, material, or acts for performing the claimed 
function. 

If applicant does not wish to have the claim limitation treated under 35 U.S.C. 1 12, sixth 
paragraph, applicant is required to amend the claim so that it will clearly not be a means (or step) 
plus function limitation (e.g., deleting the phrase "means for" or "step for"). 
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Applicant's arguments, see page 13, filed 02/09/2010, with respect to the 35 U.S.C. § 101 
rejection of claim 27 have been fully considered and are persuasive. The 35 U.S.C. § 101 
rejection of claim 27 has been withdrawn. 

Applicant's arguments filed 02/09/2010 have been fully considered but they are not 
persuasive. 

The Applicant argues the following: 

(a) Craft fails to disclose associating a unique device identity with the unique chip 
identifier; 

(b) Craft and any combination of the cited references, fail to disclose storing in the 
permanent public database, the unique device identity and the certificate in association with the 
backup data package and the associated unique chip identifier. 

The Examiner respectfully disagrees for the following reasons: 
Per (a): 

The combination of Mauro, Craft, Chien, and Okimoto teaches all limitations in claim 1. 

The combination of Mauro, Craft, Chien, and Okimoto further teaches associating a 
unique device identity with the unique chip identifier unique chip identifier [Craft: par. [0015]; 
par. [0041]; a unique device identity is associated with client device (i.e. device identity) ; CPU 
chip is equivalent to unique chip identifier; Chien: Col. 3; lines 15-20; Col. 3, lines 55-60; Col. 
4, lines 1-32; fig. 1; Wireless communication device includes a device serial number 102 and a 
SIM ID 107; Col. 4, lines 28-32; An International Mobile Station Equipment Identity (IMEI) can 
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be used as a device identifier; fig. 2; Col. 4, lines 40-50; retrieving personalization parameters 
such as a device serial number as a SIM ID; Col. 6, lines 54-57]. 
Per (b): 

The combination of Mauro, Craft, Chien, and Okimoto teaches all limitations in claim 1. 

The combination of Mauro, Craft, Chien, and Okimoto further teaches storing in the 
permanent public database, the unique device identity and the certificate in association with the 
backup data package and the associated unique chip identifier [ Craft: par. [0043], lines 1-6 and 
figure 2; A client serial number (216) is equivalent to a unique chip identifier and a client public 
key datastore (222) is equivalent to a perman ent public database; par. [0036]; "a data can be 
signed by computing a digital signature from the data and the private key of signer. Once the 
data is digitally signed, it can be stored with the identity of the signer and the signature that 
proves that the data originated form the signer "; a data signed by computing a digital signature 
using private key, thereby generating a certificate which is stored in datastore (222); par. 
[0041], lines 7-13; "The manufacture of the client CPU chips also has knowledge of a server 
public key that is associated with a server private key that may or may not be known to the 
manufacturer" ; Chien: Col. 3; lines 15-20; Col. 3, lines 55-60; Col. 4, lines 1-32; fig. I]; 

Claim Objections 

Claims 1, 3-4, 6, 9, 11-12, 14, 20-21, and 23 are objected to because of the following 
informalities: Appropriate correction is required. 

(Claim 1, line 18): "chip identifier, with" should be replaced by "chip identifier using". 
(Claim 3, lines 2-3): "a secure, key" should be replaced by "a secure key". 
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(Claim 4, line 2): "a secure, key" should be replaced by "a secure key". 

(Claim 6, line 2): "a secure, key" should be replaced by "a secure key". 

(Claim 9, line 20): "chip identifier, with" should be replaced by "chip identifier using". 

(Claim 11, line 2): "a secure, key" should be replaced by "a secure key". 

(Claim 12, line 2): "a secure, key" should be replaced by "a secure key". 

(Claim 14, line 2): "a secure, key" should be replaced by "a secure key". 

(Claim 20, line 2): "a secure, key" should be replaced by "a secure key". 

(Claim 21, line 2): "a secure, key" should be replaced by "a secure key". 

(Claim 23, line 2): "a secure, key" should be replaced by "a secure key". 



Claim Rejections - 35 USC § 112 
The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly claiming the 
subject matter which the applicant regards as his invention. 

Claim 27 is rejected under 35 U.S.C. 112, second paragraph, as being indefinite for failing to 
particularly point out and distinctly claim the subject matter which applicant regards as the 
invention. 

Regarding claim 27; the claim limitation "means for retrieving in secure, " "means for 
assembling, " "means for receiving, " "means for associating the unique chip with the received 
backup data package, " "means for storing the backup data package, " "means for associating a 
unique device identity with the unique chip identifier, " "means for signing the associated 
unique device identity and unique chip identifier, " "means for storing the certificate " and 
"means for storing the unique device identity and the certificate in association with the backup 
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data package " uses the phrase "means for" or "step for", but it is modified by some structure, 
material, or acts recited in the claim. It is unclear whether the recited structure, material, or acts 
are sufficient for performing the claimed function which would preclude application of 35 U.S. C. 
1 12, sixth paragraph, because the corresponding figure 1 and page 9, line 24 through page 15, 
line 24 of the original of the specification, just show steps to "means for retrieving in secure, " 
"means for assembling, " "means for receiving, " "means for associating the unique chip with 
the received backup data package, " "means for storing the backup data package, " "means for 
associating a unique device identity with the unique chip identifier, " "means for signing the 
associated unique device identity and unique chip identifier, " "means for storing the certificate " 
and "means for storing the unique device identity and the certificate in association with the 
backup data package; " the aforementioned flowcharts do not provide sufficient structure for 
performing claimed functions. 

If applicant wishes to have the claim limitation treated under 35 U.S.C. 1 12, sixth 
paragraph, applicant is required to amend the claim so that the phrase "means for" or "step for" 
is clearly not modified by sufficient structure, material, or acts for performing the claimed 
function. 

If applicant does not wish to have the claim limitation treated under 35 U.S.C. 1 12, sixth 
paragraph, applicant is required to amend the claim so that it will clearly not be a means (or step) 
plus function limitation (e.g., deleting the phrase "means for" or "step for"). 
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The Examiner kindly requests the Applicant to point out and explain with specificity (i.e. 
column and line) in the specification where it describes/supports the aforementioned limitation 
(Emphasis added). 

Claim Rejections - 35 USC §103 

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all obviousness 
rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set forth in 
section 102 of this title, if the differences between the subject matter sought to be patented and the prior art are 
such that the subject matter as a whole would have been obvious at the time the invention was made to a person 
having ordinary skill in the art to which said subject matter pertains. Patentability shall not be negatived by the 
manner in which the invention was made. 

Claims 1, 3-4, 6, 8-9, 11-12, 14, 16-17, 25, and 27 are rejected under 35 U.S.C. 103(a) as 

being unpatentable over Mauro (US 2002/0147920) in view of Craft et al. (US 2002/0150243) 
further in view of Chien (US 7,551,913 Bl), and further in view of Okimoto et al. (US 

6,978,022 B2), 

As per claim 1: 

Mauro teaches a method comprising: 

(a) retrieving in a secure processing point separated from and arranged in communication 
with a personal device, a unique chip identifier from a read-only storage of an integrated circuit 
chip included in the personal device [Mauro: par. [0038]); A read only memory (ROM 252) 
stores secure parameters (e.g., a unique chip identifier) via a secure operation (e.g., during 
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the manufacturing phase) and become available for use thereafter (e.g. retrieving a unique 
chip identifier)]; 

(b) the secure processing point assembling a data package and loading the data package 
in the personal device for storage therein, the data package including at least one cryptographic 
key specific to the personal device [Mauro: par. [0034], lines 1-7; A secure unit 240 to 
perform all secure processing and store all "sensitive" data (e.g. cryptographic key) by 
various cryptographic technique] ; 

storing sensitive data in a tamper-resistant secret storage of chip an integrated circuit chip 
included in the personal device [Mauro: par. [0037]; memory 254 is a non-volatile memory 
that may be used to stored sensitive data; par. [0039]; "secure processor 250 and memory 
254 are implemented as two separate units enclosed within secure/or tamper 
resistance/evident unit"]; 

(1) storing the certificate in the device [Mauro: par. [0010]; storing certificate in secure 
storage of data]; 

(ml) storing the unique device identity and the certificate [Mauro: par. [0010]; storing 
certificate in secure storage of data; par. [0055]; the certificate is issued and signed by a 
trusted certificate authority that certifies the remote terminal's identity; par. [0063]; 
certificate containing identity verification information for the remote terminal]. 

Mauro does not explicitly disclose, 

(c) receiving at the secure processing point, in response to storing the data package, a 
backup data package from the personal device, which backup data package is the data package 
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encrypted with a unique secret chip key stored in a tamper-resistant secret storage of the 
integrated circuit chip included in the personal device; 

(d) associating the unique chip identifier with the received backup data package; and 

(e) storing the backup data package and the associated unique chip identifier in a 
permanent public database separated from the personal device: 

(f) wherein the secure processing point further performs: 

(g) associating a unique device identity with the unique chip identifier; 

(h) signing the associating a unique device identity and unique chip identifier with a 
manufacturer private signature key corresponding to a manufacturer public signature key stored 
in a read-only memory of the personal device, thereby generating a certificate for the unique 
device identity; 

(m) storing in the permanent public database, the unique device identity and the 
certificate in association with the backup data package and the associated unique chip identifier. 
However, Craft discloses, 

(c) receiving at the secure processing point, in response to storing the data package, a 
backup data package from the personal device, which backup data package is the data package 
encrypted with a unique secret chip key stored in a tamper-resistant secret storage of chip 
[Craft: fig: 2; par. [0021] and par. [0019]; A server system receives encrypted content data 
using permanent, hardware-embedded, cryptographic keys (tamper-resistant secret 
storage) from a client.] 

(d) associating the unique chip identifier with the received backup data package [Craft: 
par. [0041], lines 7-13; "The manufacture of the client CPU chips also has knowledge of a 
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server public key that is associated with a server private key that may or may not be 
known to the manufacturer"]; 

(e) storing the backup data package and the associated unique chip identifier in a 
permanent public database separated from the personal device [Craft: par. [0043], lines 1-6 and 
figure 2; A client serial number (216) is equivalent to a unique chip identifier and a client 
public key datastore (222) is equivalent to a permanent public database]. 

(f) Craft further discloses the secure processing point performs: 

(gl) associating a unique device identity with the unique chip identifier [Craft: par. 
[0015]; par. [0041]; a unique device identity is associated with client device (i.e. device 
identity) ; CPU chip is equivalent to unique chip identifier]; 

(h) signing the associating a unique device identity and unique chip identifier with a 
manufacturer private signature key corresponding to a manufacturer public signature key stored 
in a read-only memory of the device, thereby generating a certificate for the unique device 
identity [Craft: par. [0036] ; "a data can be signed by computing a digital signature from 
the data and the private key of signer"; a data signed by computing a digital signature 
using private key, thereby generating a certificate]; 

(m) storing in the permanent public database, the unique device identity and the 
certificate in association with the backup data package and the associated unique chip identifier 
[Craft: par. [0043], lines 1-6 and figure 2; A client serial number (216) is equivalent to a 
unique chip identifier and a client public key datastore (222) is equivalent to a permanent 
public database; Craft: par. [0036] ; "a data can be signed by computing a digital signature 
from the data and the private key of signer. Once the data is digitally signed, it can be 
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stored with the identity of the signer and the signature that proves that the data originated 
form the signer"; a data signed by computing a digital signature using private key, thereby 
generating a certificate which is stored in datastore (222)] . 

Thus, it would have been obvious to the person of ordinary skill in the art at the time of 
the invention was made to combine the method of Mauro by including other feature such as 
receiving in response to storing the data package, associating the unique chip identifier with the 
received backup data package , and storing the backup data package and the associated unique 
chip identifier of Craft because it would ensure security of the communication between client 
devices and servers [Craft: paragraph [0013], lines 1-4, Craft et al.] 

Mauro and Craft are not so clear of disclosing a unique device identity and associating a 
unique device identity with the unique chip identifier; 

However, Chien discloses methods and apparatus for anonymous user identification and 
content personalization in wireless communication, wherein associating a unique device identity 
with the unique chip identifier [Chien: Col. 3; lines 15-20; Col. 3, lines 55-60; Col. 4, lines 1- 
32; fig. 1; Wireless communication device includes a device serial number 102 and a 
SIM ID 107; Col. 4, lines 28-32; An International Mobile Station Equipment Identity 
(IMEI) can be used as a device identifier; fig. 2; Col. 4, lines 40-50; retrieving 
personalization parameters such as a device serial number as a SIM ID; Col. 6, lines 54- 
57]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time of 
the invention was made to combine the method of Mauro and Craft by including the teaching of 
Chien wherein associating a unique device identity with the unique chip identifier to provide 
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anonymous content personalization in wireless communication network [Chien: Col. 2, lines 34- 
42]. 

Although the combination of Mauro, Craft, and Chien teach the claimed subject matter, 
they are not so clear of disclosing the secure processing point being separated from the personal 
device. On the hand, Okimoto teaches this limitation in Column 5 [Okimoto: Col. 5, lines 52- 
53]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the method of Mauro, Craft, and Chien by including teaching of 
Okimoto because it would securely deliver encrypted content on demand with access control 
[Col. 3, lines 67 to Col. 4, line 1, Okimoto]. 

As per Claim 3: 

The combination of teaching Mauro, Craft, Chien, and Okimoto teach the claimed subject 

matter. 

Craft et al. further disclose wherein the at least one cryptographic key includes at least 
one cryptography key to be used for a secure, key based communication channel between a 
personal device manufacturer and the personal device [Craft: par. [0038], figure 2; "a data 
processing system for secure communication of application code and content using 
permanent, hardware-embedded, cryptographic key"]. 



As per Claim 4: 
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The combination of teaching Mauro, Craft, Chien, and Okimoto teach the claimed subject 

matter. 

Craft et al. further disclose the method as claimed in claim 3, wherein the at least one 
cryptography key to be used for a secure, key based communication channel includes a 
symmetric key [Craft: par. [0038], lines 1-5; par. [0060], lines 20-24. The symmetric key is a 
cryptographic key which uses trivially cryptographic key for both decryption and 
encryption]. 

As per Claim 6: 

The combination of teaching Mauro, Craft, Chien, and Okimoto teach the claimed subject 

matter. 

Craft et al. further disclose the method as claimed in claim 3, wherein the at least one 
cryptography key to be used for a secure, key based communication channel includes a 
private/public key pair [Craft: par. [0038], par. [0032], "Public key cryptography requires 
each party involved in a communication or transaction to have a pair of key, called the 
public key and the private key"]. 

As per Claim 8: 

The combination of teaching Mauro, Craft, Chien, and Okimoto teach the claimed subject 

matter. 

Craft et al. and Chien further disclose wherein the personal device is a wireless 
communications terminal and the unique device identity is an identifier which identifies the 
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wireless communications terminal in a wireless communications network [Craft: par. [0025], 
lines 13-16. Personal digital assistant (PDAs, client 107) is equivalent to a wireless personal 
device; Chien: Col. 3; lines 15-20; Col. 3, lines 55-60; Col. 4, lines 1-32; fig. 1; Wireless 
communication device includes a device serial number 102 and a SIM ID 107]. 

As per claim 9: 

Mauro teaches a system comprising: 

(a) at least one personal device [Mauro: fig. 1, box 110a; fig. 2], and 

(b) a secure processing point [Mauro: fig. 2, box 240], which secure processing point is 
separated from and arranged in communication with the personal device, 

(c ) wherein the at least one personal device includes an integrated circuit chip with a 
unique chip identifier in a read-only storage and a unique secret chip key in a tamper- resistant 
secret storage [Mauro: par. [0038], lines 1-4. A read only memory (ROM 252) stores secure 
parameters (e.g., a unique chip identifier); par. [0039], lines 9-11; "secure processor 250 
and memory 254 are implemented as two separate units enclosed within a secure and/or 
tamper resistance/evident unit]; 

(d) wherein the secure processing point includes a processor configured for retrieving the 
unique chip identifier and for assembling a data package and loading the data package in the 
personal device for storage therein, the data package including at least one cryptographic key 
specific to said personal device [Mauro: par. [0038]; par. [0034], lines 1-7; A secure unit 240 
to perform all secure processing and store all "sensitive" data (e.g. cryptographic key) by 
various cryptographic technique]; 
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(e) wherein the at least one personal device includes a processor configured for 
encrypting the received data package with the unique secret chip key and transferring a resulting 
backup data package back to the secure processing point [Mauro: par. [0036], lines 8-11; 
"secure processor 250 retrieves data stored within memory 254, processor and/or encrypts 
the retrieved data, and may send the data to external elements (e.g., main processor 230 via 
bus 262)]; and 

(m) storing the certificate in the device [Mauro: par. [0010]; storing certificate in 
secure storage of data] ; 

(nl) storing the unique device identity and the certificate [Mauro: par. [0010]; storing 
certificate in secure storage of data; par. [0055]; the certificate is issued and signed by a 
trusted certificate authority that certifies the remote terminal's identity; par. [0063]; 
certificate containing identity verification information for the remote terminal]. 

Mauro does not explicitly disclose, 

(f) wherein the processor of the secure processing point is arranged for storing the 
received backup data package in association with the unique chip identifier in a permanent public 
database separated from the personal device; 

(g) wherein the processor of the secure processing point further is arranged for: 

(h) associating a unique device identity with the unique chip identifier; 

(1) signing the associating a unique device identity and unique chip identifier 
with a manufacturer private signature key corresponding to a manufacturer public signature key 
stored in a read-only memory of the personal device, thereby generating a certificate for the 
unique device identity; 
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(n) storing in the permanent public database the unique device identity and the certificate 
in association with the backup data package and the associated unique chip identifier. 

However, Craft discloses the processor of the secure processing point is arranged for 
storing the received backup data package in association with the unique chip identifier in a 
permanent public database separated from the personal device [Craft: par. [0043], lines 1-6 and 
figure 2. A client serial number (216) is equivalent to a unique chip identifier and a client 
public key datastore (222) is equivalent to a permanent public database]. 

Craft further discloses wherein the processor of the secure processing point further is 
arranged for: 

(hi) associating a unique device identity with the unique chip identifier [Craft: par. 
[0015]; par. [0041]; a unique device identity is associated with client device; CPU chip is 
equivalent to unique chip identifier] ; 

(1) signing the associating a unique device identity and unique chip identifier with a 
manufacturer private signature key corresponding to a manufacturer public signature key stored 
in a read-only memory of the personal device, thereby generating a certificate for the unique 
device identity [Craft: par. [0036] ; "a data can be signed by computing a digital signature 
from the data and the private key of signer"; a data signed by computing a digital 
signature using private key, thereby generating a certificate]; 

(n) storing in the permanent public database the unique device identity and the certificate 
in association with the backup data package and the associated unique chip identifier [Craft: 
par. [0043], lines 1-6 and figure 2; A client serial number (216) is equivalent to a unique 
chip identifier and a client public key datastore (222) is equivalent to a permanent public 
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database; Craft: par. [0036]; "a data can be signed by computing a digital signature from 
the data and the private key of signer. Once the data is digitally signed, it can be stored 
with the identity of the signer and the signature that proves that the data originated form 
the signer"; a data signed by computing a digital signature using private key, thereby 
generating a certificate which is stored in datastore (222)]; 

Thus, it would have been obvious to the person of ordinary skill in the art at the time of 
the invention was made to combine the system of Mauro by including the processor of the secure 
processing point is arranged for storing the received backup data package of Craft because it 
would ensure security of the communication between client devices and servers [par. [0013], 
lines 1-4, Craft et al.]. 

Mauro and Craft are not so clear of disclosing a unique device identity and associating a 
unique device identity with the unique chip identifier; 

However, Chien discloses methods and apparatus for anonymous user identification and 
content personalization in wireless communication, wherein associating a unique device identity 
with the unique chip identifier [Chien: Col. 3; lines 15-20; Col. 3, lines 55-60; Col. 4, lines 1- 
32; fig. 1; Wireless communication device includes a device serial number 102 and a 
SIMID 107; Col. 4, lines 28-32; An International Mobile Station Equipment Identity 
(IMEI) can be used as a device identifier; fig. 2; Col. 4, lines 40-50; retrieving 
personalization parameters such as a device serial number as a SIM ID; Col. 6, lines 54- 
57]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time of 
the invention was made to combine the method of Mauro and Craft by including the teaching of 
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Chien wherein associating a unique device identity with the unique chip identifier to provide 
anonymous content personalization in wireless communication network [Chien: Col. 2, lines 34- 
42]. 

Although the combination of Mauro, Craft, and Chien teach the claimed subject matter, 
they are not so clear of disclosing the secure processing point being separated from the personal 
device. On the hand, Okimoto teaches this limitation in Column 5 [Okimoto: Col. 5, lines 52- 
53]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the method of Mauro, Craft, and Chien by including teaching of 
Okimoto because it would securely deliver encrypted content on demand with access control 
[Col. 3, lines 67 to Col. 4, line 1, Okimoto]. 

As per Claim 11: 

Claim 1 1 is essentially the same as claim 3 except that it sets forth the claimed invention as an 
apparatus rather a method and rejected under the same reasons as applied above. 

As per Claim 12: 

Claim 12 is essentially the same as claim 4 except that it sets forth the claimed invention as an 
apparatus rather a method and rejected under the same reasons as applied above. 



As per Claim 14: 
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Claim 14 is essentially the same as claim 6 except that it sets forth the claimed invention as an 
apparatus rather a method and rejected under the same reasons as applied above. 

As per Claim 16: 

Claim 16 is essentially the same as claim 8 except that it sets forth the claimed invention as an 
apparatus rather a method and rejected under the same reasons as applied above. 

As per Claim 17: 

The combination of teaching Mauro, Craft, Chicn, and Okimoto teach the claimed subject 

matter. 

Mauro further discloses: 

reading said unique chip identifier from said read-only storage of said personal device 
[Mauro: par. [0038]); A read only memory (ROM 252) stores secure parameters (e.g., a 
unique chip identifier) via a secure operation (e.g., during the manufacturing phase) and 
become available for use thereafter (e.g. retrieving a unique chip identifier)]; 

Craft further discloses: 

transmitting the chip identifier to said permanent public database [Craft: par. [0043], 
lines 1-6 and figure 2; A client serial number (216) is equivalent to a unique chip identifier 
and a client public key datastore (222) is equivalent to a permanent public database]. 

receiving from the permanent public database said backup data package , said backup 
data package corresponding to the transmitted chip identifier [Craft: par. [0015]; lines 8-15; 
"The client forms a request message, which includes the client serial number, encrypt the 
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request with the server public key ad send the download request to the server... the client 
private key embedded in the client"]; and 

storing the received backup data package in the personal device [Craft: par. [0015]; 
lines 11-15; "The client serial number in the received request is used to search for client 
public key that corresponds to the client private key embedded in the client"]. 

As per Claim 25: 

Claim 25 is essentially the same as claim 1 except that it sets forth the claimed invention as an 
apparatus further comprising a processor [Mauro, fig. 3; box 250, box 230] rather a method and 
rejected under the same reasons as applied above. 

As per Claim 27: 

Claim 27 is essentially the same as claim 1 except that it sets forth the claimed invention as a 
device rather a method and rejected under the same reasons as applied above. 

Claims 18, 20-21, and 23 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Mauro (US 2002/0147920) in view of Craft et al. (US 2002/0150243) further in view of 
Okimoto et al. (US 6,978,022 B2). 

As per claim 18: 

Mauro discloses a personal device comprising: 

(a) an integrated circuit chip with a unique chip identifier in a read-only storage and a 
unique secret chip key in a tamper-resistant secret storage [Mauro: par. [0038], lines 1-4. A 



Application/Control Number: 10/696,495 Page 22 

Art Unit: 2439 

read only memory (ROM 252) stores secure parameters (e.g., a unique chip identifier); par. 
[0039], lines 9-11; "secure processor 250 and memory 254 are implemented as two separate 
units enclosed within a secure and/or tamper resistance/evident unit] ; 

(c) a memory for storing a received data package including at least one cryptographic key 
[Mauro: par. [0037], lines 1-3. A flash memory is a form of non-volatile memory which is 
equivalent to memory (130); par. [0034], lines 1-7. A secure unit 240 to perform all secure 
processing and store all "sensitive" data (e.g. cryptographic key) by various cryptographic 
technique]. 

(f) a read-only memory storing a manufacturer public signature key, wherein the memory 
for storing the received data package is further for storing a received certificate, which 
corresponds to a certificate stored in association with the backup data package in the permanent 
public database and which has been signed with the manufacturer private signature key 
corresponding to the manufacturer public signature key [Mauro: par. [0077]; "The signature 
generation can be performed based on any one of the digital signature and encryption 
algorithms. Secure processor 250 may further provide the certificate that includes the 
remote terminal's public key"]. 
Mauro does not explicitly disclose: 

(b) "a processor configured for outputting the unique chip identifier"; 

(d) "where the processor is further configured for encrypting the received data package 
with the unique secret chip key and outputting a resulting backup data package to a permanent 
public database separated from said personal device". 
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(h) signing the associating a unique device identity and unique chip identifier with a 
manufacturer private signature key corresponding to a manufacturer public signature key stored 
in a read-only memory of the personal device, thereby generating a certificate for the unique 
device identity. 
However, Craft discloses: 

(b) a processor configured for outputting the unique chip identifier [Craft: par. [0041], 
lines 7-9; "each CPU chip is assigned a unique client serial number]. 

(d) wherein the processor is further configured for encrypting the received data package 
with the unique secret chip key and outputting a resulting backup data package to a permanent 
public database separated from said personal device [Craft: abstract , par. [0043], lines 1-6 
and figure 2. Encrypting a request which includes a client serial number (216) is 
equivalent to encrypt the received data package with the unique secret chip key. The client 
serial number (216) is equivalent to a unique chip identifier and a client public key 
datastore (222) is equivalent to a permanent public database]. 

(h) signing the associating a unique device identity and unique chip identifier with a 
manufacturer private signature key corresponding to a manufacturer public signature key stored 
in a read-only memory of the device, thereby generating a certificate for the unique device 
identity [Craft: par. [0036] ; "a data can be signed by computing a digital signature from 
the data and the private key of signer"; a data signed by computing a digital signature 
using private key, thereby generating a certificate]; 

Thus, it would have been obvious to the person of ordinary skill in the art at the time of 
the invention was made to combine the system of Mauro by including the processor of the secure 
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processing point is arranged for storing the received backup data package of Craft because it 
would ensure security of the communication between client devices and servers [par. [0013], 
lines 1-4, Craft et al.]. 

Although the combination of Mauro and Craft teaches the claimed subject matter, they 
are not so clear of disclosing the secure processing point being separated from the personal 
device. On the hand, Okimoto teaches this limitation in Column 5 [Okimoto: Col. 5, lines 52- 
53]. 

Thus, it would have been obv ious to the person of ordinary skill in the art at the time the 
invention was made to combine the device of Mauro and Craft by including the teaching of 
Okimoto because it would securely deliver encrypted content on demand with access control 
[Col. 3, lines 67 to Col. 4, line 1, Okimoto]. 

As per claim 20: 

The combination of Mauro, Craft, and Okimoto teach the subject matter as described above. 
Craft further teaches the personal device as claimed in claim 18, wherein the at least one 
cryptographic key includes at least one cryptography key to be used for a secure, key based 
communication channel between a personal device manufacturer and the personal device [Craft: 
par. [0038], figure 2; "a data processing system for secure communication of application 
code and content using permanent, hardware-embedded, cryptographic key"]. 



As per claim 21: 
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Craft further teaches the personal device as claimed in claim 20, wherein the at least one 
cryptography key to be used for a secure, key based communication channel includes a 
symmetric key [Craft: par. [0038], lines 1-5; par. [0060], lines 20-24. The symmetric key is a 
cryptographic key which uses trivially cryptographic key for both decryption and 
encryption]. 

As per claim 23: 

Craft further teaches the personal device as claimed in claim 20, wherein the at least one 
cryptography key to be used for a secure, key based communication channel includes a 
private/public key pair [Craft: par. [0038], par. [0032], "Public key cryptography requires 
each party involved in a communication or transaction to have a pair of key, called the 
public key and the private key"]. 

Claims 7 and 15 are rejected under 35 U.S.C. 103(a) as being unpatentable Mauro (US 
2002/0147920) in view of Craft et al. (US 2002/0150243), further in view of Chien (US 
7,551,913 Bl), further in view of Okimoto et al. (US 6,978,022 B2), and further in view of 
Ginter et al. (US patent 5,892,900). 

As per Claim 7: 

The combination of teaching Mauro, Craft, Chien, and Okimoto teach the claimed subject 

matter. 
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Craft further discloses generated by the secure processing point during assembly of the 
device [Craft: par. [0042], lines 1-6. Each client CPU chip has a cryptographic unit 
(public/private key) that has been manufactured to contain programmable memory 
storage]. 

Mauro, Craft, Chien, and Okimoto do not explicitly disclose, "the private/public key pair 
is generated and store in advance in a secure database before assembly of the device, in which 
latter case the cryptographic keys stored in advance of assembly are removed from the secret 
database after reception of the backup data package". 

However, Ginter discloses how to generate and store in advance in a secure database 
before assembly of the device, in which latter case the cryptographic keys stored in advance of 
assembly are removed from the secret database after reception of the backup data package 
[Ginter: Col. 169, lines 9-17; claim 101. An electronic appliance 600 updates its secure 
database 610 and/or SPU 500. If an information is received, an end user's electronic 
appliance 600 requesting the electronic appliance to delete the information that has been 
transferred. The information comprises at least one or more cryptographic keys]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the teaching of Mauro, Craft, Chien, and Okimoto by including 
how to store the cryptographic keys in advance and removed from the secret database as 
suggested by Ginter because it would allow the secure database 610 item is updated or modified, 
a new encryption key can be generated for updated item [Ginter, Col. 171, lines 43-46]. 



As per Claim 15: 
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Claim 1 5 is essentially the same as claim 7 except that it sets forth the claimed invention 
as an apparatus rather a method and rejected under the same reasons as applied above. 

Claims 5 and 13 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mauro (US 
2002/0147920) in view of Craft et al. (US 2002/0150243) further view of Chien (US 7,551,913 
Bl), further in view of Okimoto et al. (US 6,978,022 B2), and further in view of Audebert et al. 
(US 2003/0086571 Al). 

As per Claim 5: 

The combination of teaching Mauro, Craft, Chien, and Okimoto teach the claimed subject 

matter. 

Mauro, Craft, Chien, and Okimoto do not explicitly disclose wherein the symmetric key 
is generated as a function of a master key and the unique device identity. 

However, Audebert teaches a system and method for generating symmetric keys within a 
personal security device having minimal trust relationships, wherein the symmetric key is 
generated as a function of a master key and the unique device identity [Audebert: fig. 2B; par. 
[0041]; master key 280, PSD's serial number 65A, and composite key 210]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the teachings of Mauro, Craft, Chien, and Okimoto by including 
the teaching as suggested by Audebert to provide a method and system for generating a 
composite symmetric key, which securely incorporates information from each service provider 
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contained in a Personal security devices (PSD) and is only known to a trusted third party 
[Audebert: par. [0011]]. 



As per Claim 13: 

Claim 13 is essentially the same as claim 5 except that it sets forth the claimed invention as an 
apparatus rather a method and rejected under the same reasons as applied above. 

Claims 22 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mauro (US 
2002/0147920) in view of Craft et al. (US 2002/0150243) further in view of Okimoto et al. (US 
6,978,022 B2), and further in view of Audebert et al. (US 2003/0086571 Al). 

As per claim 22: 

The combination of Mauro, Craft, and Okimoto teach the subject matter as described above. 
Mauro, Craft, and Okimoto do not explicitly disclose wherein the symmetric key is generated as 
a function of master key and a unique device key. 

However, Audebert teaches a system and method for generating symmetric keys within a 
personal security device having minimal trust relationships, wherein the symmetric key is 
generated as a function of a master key and a unique device identity [Audebert: fig. 2B; par. 
[0041]; master key 280, PSD's serial number 65A, and composite key 210]. 

Thus, it would have been obvious to the person of ordinary skill in the art at the time the 
invention was made to combine the teachings of Mauro, Craft, and Okimoto by including the 
teaching as suggested by Audebert to provide a method and system for generating a composite 
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symmetric key, which securely incorporates information from each service provider contained in 
a Personal security devices (PSD) and is only known to a trusted third party [Audebert: par. 
[0011]]. 



Claims 24 are rejected under 35 U.S.C. 103(a) as being unpatentable over Mauro (US 
2002/0147920) in view of Craft et al. (US 2002/0150243) further in view of Okimoto et al. (US 
6,978,022 B2), and further in view of Chien (US 7,551,913 Bl). 



As per claim 24: 

Craft further teaches the personal device as claimed in claim 18, wherein the personal device is a 
wireless communications terminal [Craft: par. [0025], lines 13-16. Personal digital assistant 
(PDAs, client 107) is equivalent to a wireless personal device] but does not explicitly disclose 
a wireless communication terminal which has an unique device identity is an identifier which 
identifies the wireless communications terminal in a wireless communications network. 

However, Chien discloses a methods and apparatus for anonymous user identification and 
content personalization in wireless communication, wherein an unique device identity is an 
identifier which identifies the wireless communications terminal in a wireless communications 
network [Chien: Col. 3; lines 15-20; Col. 3, lines 55-60; Col. 4, lines 1-32; fig. 1; Wireless 
communication device includes a device serial number 102 and a SIMID 107; Col. 4, lines 
28-32; An International Mobile Station Equipment Identity (IMEI) can be used as a device 
identifier; fig. 2; Col. 4, lines 40-50; retrieving personalization parameters such as a device 
serial number as a SIM ID; Col. 6, lines 54-57]. 
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Thus, it would have been obvious to the person of ordinary skill in the art at the time of 
the invention was made to combine the method of Mauro and Craft by including the teaching of 
Chien wherein an unique device identity is an identifier which identifies the wireless 
communications terminal in a wireless communications network to provide anonymous content 
personalization in wireless communication network [Chien: Col. 2, lines 34-42]. 

Conclusion 

The examiner requests, in response to this Office action, support be shown for language 
added to any original claims on amendment and any new claims. That is, indicate support for 
newly added claim language by specifically pointing to page(s) and line number(s) in the 
specification and/or drawing figure(s). This will assist the examiner in prosecuting the 
application. Failure to show support can result in a non-compliant response. 

When responding to this office action, Applicant is advised that if Applicant traverses an 
obviousness rejection under 35 U.S.C. 103, a reasoned statement must be included explaining 
why the Applicant believes the Office has erred substantively as to the factual findings or the 
conclusion of obviousness See 37 CFR 1.111(b). 

Additionally Applicant is further advised to clearly point out the patentable novelty which he or 
she thinks the claims present, in view of the state of the art disclosed by the references cited or 
the objections made. He or she must also show how the amendments avoid such references or 
objections See 37 CFR 1 . 1 1 1(c). 
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THIS ACTION IS MADE FINAL. Applicant is reminded of the extension of time 
policy as set forth in 37 CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within TWO 
MONTHS of the mailing date of this final action and the advisory action is not mailed until after 
the end of the THREE-MONTH shortened statutory period, then the shortened statutory period 
will expire on the date the advisory action is mailed, and any extension fee pursuant to 37 
CFR 1 .136(a) will be calculated from the mailing date of the advisory action. In no event, 
however, will the statutory period for reply expire later than SIX MONTHS from the mailing 
date of this final action. 

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Canh Le whose telephone number is 571-270-1380. The 
examiner can normally be reached on Monday to Friday 7:30AM to 5:00PM other Friday off. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Orgad Edan can be reached on 571-272-7884. The fax phone number for the 
organization where this application or proceeding is assigned is 571-273-8300. 
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Information regarding the status of an application may be obtained from the Patent 
Application Information Retrieval (PAIR) system. Status information for published applications 
may be obtained from either Private PAIR or Public PAIR. Status information for unpublished 
applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direct.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). If you would 
like assistance from a USPTO Customer Service Representative or access to the automated 
information system, call 800-786-9199 (IN USA OR CANADA) or 571-272-1000. 

/Christian LaForgia/ 

Primary Examiner, Art Unit 2439 

/Canh Le/ 

Examiner, Art Unit 2439 
August 27, 2010 



